US-9215218

Systems and methods for secure workgroup management and communication

Published: December 15, 2015
Assignee: not available in USPTO data we have
Inventors: not available in USPTO data we have
Technical Abstract

A secure data parser is provided that may be integrated into any suitable system for securely storing and communicating data. The secure data parser may split or share a data set into multiple portions that are stored or communicated distinctly. Encryption of the original data, the portions of data, or both may be employed for additional security. The secure data parser may be used to protect data in motion by splitting an original data set into portions of data that may be communicated using one or more communications paths. Secure workgroup communication is supported through the secure distribution and management of a workgroup key for use with the secure data parser.

Patent Claims
24 claims

Legal claims defining the scope of protection, as filed with the USPTO.

1. A method for secure workgroup communication, the method comprising: generating a workgroup key update message for a workgroup, wherein the workgroup key update message includes a workgroup key and a time to live (TTL) value for the workgroup key, and wherein the workgroup includes a plurality of parent nodes and child nodes, each of the child nodes being associated with one or more of the parent nodes; encrypting the workgroup key update message using a plurality of public keys associated with the plurality of parent nodes to obtain a plurality of encrypted workgroup key update messages, wherein each of the encrypted workgroup key update messages has been encrypted with a respective one of the plurality of public keys; and broadcasting the encrypted workgroup key update messages and an identification of the parent nodes to the workgroup, wherein the identification is usable by the plurality of child nodes to decrypt the encrypted workgroup key update messages.

2. The method of claim 1 wherein encrypting the workgroup key update message comprises encrypting the workgroup key update message using a public-key broadcast encryption scheme.

3. The method of claim 2 wherein encrypting the workgroup key update message using a public-key broadcast encryption scheme comprises: generating a binary tree of span M, wherein M is the maximum size of the workgroup; associating the public key of each parent node of the workgroup with a unique leaf of the binary tree; identifying all parent nodes of the binary tree that are coexistent to or parents of leaves associated with non-revoked child nodes of the workgroup; and encrypting the workgroup key update message under each of the public keys associated with the identified parent nodes.

4. The method of claim 1 wherein the generating the workgroup key update message and broadcasting are performed periodically on a predefined schedule.

5. The method of claim 1 wherein the generating the workgroup key update message and broadcasting are performed automatically in response to the communication privileges of a parent node or child node of the workgroup being revoked.

6. The method of claim 1 wherein broadcasting the encrypted workgroup key update messages to the workgroup comprises posting the encrypted workgroup key update messages to a website.

7. The method of claim 1, wherein encrypting the workgroup key update message comprises generating separate ciphertexts for each of at least a subset of the public keys, wherein each ciphertext comprises the workgroup key update message encrypted using a respective public key.

8. The method of claim 1, wherein the workgroup key comprises a session key used by the parent nodes in the workgroup to encrypt the workgroup communications.

9. The method of claim 1, wherein the workgroup communications comprise one or more key exchange messages for communicating a cryptographic key within the workgroup, and the workgroup key is used to encrypt the cryptographic key.

10. The method of claim 1, wherein the workgroup key update message further includes a timestamp which indicates when the workgroup key was generated.

11. The method of claim 1, wherein each child node is capable of decrypting at least one of the encrypted workgroup key update messages using a public key for a parent node associated with the child node.

12. A system for secure workgroup communication, the system comprising: a workgroup key server configured to: generate a workgroup key update message for a workgroup, wherein the workgroup key update message includes a workgroup key and a time to live (TTL) value for the workgroup key, and wherein the workgroup includes a plurality of parent nodes and child nodes, each of the child nodes being associated with one or more of the parent nodes; encrypt the workgroup key update message using a plurality of public keys associated with the plurality of parent nodes to obtain a plurality of encrypted workgroup key update messages, wherein each of the encrypted workgroup key update messages has been encrypted with a respective one of the plurality of public keys; and broadcast the encrypted workgroup key update message and an identification of the parent nodes to the workgroup, wherein the identification is usable by the plurality of child nodes to decrypt the encrypted workgroup key update messages.

13. The system of claim 12 wherein the workgroup key server is configured to encrypt the workgroup key update message using a public-key broadcast encryption scheme.

14. The system of claim 12 wherein the workgroup key server is configured to encrypt the workgroup key update message using a public-key broadcast encryption scheme by: generating a binary tree of span M, wherein M is the maximum size of the workgroup; associating the public key of each parent node of the workgroup with a unique leaf of the binary tree; identifying all parent nodes of the binary tree that are coexistent to or parents of leaves associated with non-revoked child nodes of the workgroup; and encrypting the workgroup key update message under each of the public keys associated with the identified parent nodes.

15. The system of claim 12 wherein the workgroup key server is configured to generate the workgroup key update message and broadcast the encrypted workgroup key update message periodically on a predefined schedule.

16. The system of claim 12 wherein the workgroup key server is configured to generate the workgroup key update message and broadcast the encrypted workgroup key update message automatically in response to the communication privileges of a parent node or child node of the workgroup being revoked.

17. The system of claim 12 wherein the workgroup key server is configured to broadcast the encrypted workgroup key update messages to the workgroup by posting the key update message to a website.

18. The system of claim 12 wherein the workgroup key update message further includes a timestamp which indicates when the workgroup key was generated.

19. The system of claim 12, wherein the workgroup key server is configured to encrypt the workgroup key update message by generating separate ciphertexts for each of at least a subset of the public keys, wherein each ciphertext comprises the workgroup key update message encrypted using a respective public key.

20. The system of claim 12, wherein the workgroup key comprises a session key used by the parent nodes in the workgroup to encrypt the workgroup communications.

21. The system of claim 12, wherein the workgroup communications comprise one or more key exchange messages for communicating a cryptographic key within the workgroup, and the workgroup key is used to encrypt the cryptographic key.

22. The system of claim 12, wherein each child node is capable of decrypting at least one of the encrypted workgroup key update messages using a public key for a parent node associated with the child node.

23. A non-transitory computer-readable medium comprising instructions that, when executed by processing circuitry, cause a computer system to carry out a method for secure workgroup communication, the method comprising: generating a workgroup key update message for a workgroup, wherein the workgroup key update message includes a workgroup key and a time to live (TTL) value for the workgroup key, and wherein the workgroup includes a plurality of parent nodes and child nodes, each of the child nodes being associated with one or more of the parent nodes; encrypting the workgroup key update message using a plurality of public keys associated with the plurality of parent nodes to obtain a plurality of encrypted workgroup key update messages, wherein each of the encrypted workgroup key update messages has been encrypted with a respective one of the plurality of public keys; and broadcasting the encrypted workgroup key update message and an identification of the parent nodes to the workgroup, wherein the identification is usable by the plurality of child nodes to decrypt the encrypted workgroup key update messages.

24. The non-transitory computer-readable medium of claim 23, wherein each child node is capable of decrypting at least one of the encrypted workgroup key update messages using a public key for a parent node associated with the child node.
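
Claims 3 and 14 describe a tree-based public-key broadcast encryption step. The sketch below is an added example, not code from the patent or from this site; it assumes the well-known complete-subtree reading of that step (heap-numbered nodes, M a power of two, revocation tracked per leaf slot), and the function names are hypothetical. It computes which tree nodes' public keys the key update message would be encrypted under, and which broadcast node identifier a given member would use to select its ciphertext.

```python
# Added illustration: subset cover for a tree-based broadcast key update.
# Assumptions (not from the patent text): heap numbering (root = 1, leaves
# M..2M-1), M is a power of two, revocation is tracked per leaf slot.

def cover_nodes(m, revoked_slots):
    """Return node ids whose keys encrypt the update so that only
    non-revoked leaves can decrypt it."""
    if m < 1 or m & (m - 1):
        raise ValueError("m must be a power of two")
    tainted = set()  # nodes with at least one revoked leaf beneath them
    for slot in revoked_slots:
        if not 0 <= slot < m:
            raise ValueError(f"slot {slot} outside tree of span {m}")
        node = m + slot
        while node >= 1 and node not in tainted:
            tainted.add(node)
            node //= 2
    if not tainted:
        return [1]  # nobody revoked: one ciphertext under the root key
    cover = []
    for node in tainted:
        if node < m:  # internal node: keep any untainted child subtree
            cover += [c for c in (2 * node, 2 * node + 1) if c not in tainted]
    return sorted(cover)

def node_for_member(m, slot, cover):
    """Walk leaf -> root; return the cover node this member holds a key
    for, or None if the member is revoked."""
    node, wanted = m + slot, set(cover)
    while node >= 1:
        if node in wanted:
            return node
        node //= 2
    return None

if __name__ == "__main__":
    M, revoked = 8, {2}                     # constructed sample workgroup
    cover = cover_nodes(M, revoked)
    print("encrypt update under nodes:", cover)
    for s in range(M):
        print(f"slot {s} ->", node_for_member(M, s, cover))
```

With one of eight slots revoked, the broadcast carries three ciphertexts rather than one per remaining member, and the revoked slot finds no node on its path that it can use.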

Patent Metadata

Filing Date: February 14, 2014

Publication Date: December 15, 2015

Citation & reuse

Analysis on this page is generated by Patentable — an AI-powered patent intelligence platform. AI-generated summaries, explanations, and analysis may be reused with attribution and a visible link back to the canonical URL below. Patent abstracts and claims are USPTO public domain.

Cite as: Patentable. “Systems and methods for secure workgroup management and communication” (US-9215218). https://patentable.app/patents/US-9215218